Thursday, January 12, 2012

Does NoSQL Mean No Security? - Dark Reading

Excerpts from a timely NoSQL reality check

"We think the lack of security around NoSQL is going to take a toll on organizations," says Amichai Shulman, co-founder and CTO of Imperva. "We'll see a lot more organizations starting or going into deployment of NoSQL in the next year and we believe what they are going to find out after they put the data there is that there are some security issues they should have considered."

[…]

But this biggest benefit of NoSQL is also one of the biggest cause of concerns for security experts.

"One of the things about NoSQL is that the data model is pretty much dynamic," Shulman says. "I can add attributes to records as we go along. So the security model for this kind of architecture must have some notion of forward-looking security. So, understanding what happens with the new attributes that I introduce to the database and what the privileges that are granted into the new attributes that are added to the database. This is a concept that is non-existent and, quite frankly, no one has given thought to it so far."

Does NoSQL Mean No Security? - Dark Reading

No comments: